* » 



(19) 



J 



Europaisch s Patentamt 
European Patent Office 
Office uropeen des brev ts 



(12) 



(11) EP 1 265 414 A1 

EUROPEAN PATENT APPLICATION 



(43) Date of publication: 

11.1 2.2002 Bu lletin 2002/50 

(21) Application number 01440156.6 

(22) Date of filing: 06.06.2001 



(51) Intci7 : H04L 29/06, H04L 12/24, 
H04Q 3/00 



(84) Designated Contracting States: 


• Trappeniers, Lieven 


AT BE CH CY DE DK ES Fl FR GB GR IE IT LI LU 


3000 Leuven (BE) 


MC NL PT SE TR 


• De Moer loose, Jan 


Designated Extension States: 


9921 Lovendegem (BE) 


AL LT LV MK RO SI 


• Focant, Step ha ne 




1040 Etterbeek (BE) 


(71) Applicant: ALCATEL 


• Bats leer, Claudine 


75008 Paris (FR) 


9860 Scheldewindeke (BE) 




♦ Pham, Hien Thong 


(72) Inventors: 


1070 Brussels (BE) 


• Chantraln, Dominique 




2650 Edegem (BE) 


(74) Representative: Richardt, Markus Albert et al 


• van Ackere, Michel 


Quermann & Richardt 


9100 Sint-Niklaas (BE) 


Unter den Eichen 726 


• Vanderstraeten, Hans 


65195 Wiesbaden (DE) 


9280 Lebbeke (BE) 



(54) Method for deploying a service and a method for configuring a network element in a 
communication network 



< 



m 

CO 
CM 



a. 

LJJ 



(57) The invention relates to a method for deploying 
a service in a communication network by performing the 
steps of: 

invoking a service deployment engine by a request 
for the service, 

retrieval of deployment templates, 

retrieval of service deployment policies, 

determi nation of a current configuration of at least 
one network element involved in providing the serv- 
ice, 

selection of a deployment template from the re- 
trieved deployment templates based on the service 
deployment policies and configuration. 

Further a method for configuring a network element 
by means of a network element controller through the 
intermediary of a n twork element proxy is devised by 
the present invention. In particular this has the advan- 
tage of seemless integration into the IETF policy frame- 
work. 
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Determine current configuration of involved NE : 
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- Interrogation of NE 
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Description 

Field of th inv ntion 



[0001] The present invention relates to a method for deploying a service in a communication network and a method 
for configuring a network element in a communication network as well as to a corresponding distributed computer 
system and computer program product. 

Background and prior art 



[0002] Telecommunication networks such as the internet are an increasingly important source of information and 
electronic communication for users of computers in homes and businesses. A major problem associated with the 
internet, however, is the difficulty faced by typical computer users in connecting their computers or local area networks 
to the internet. For example, a computer user desiring to connect to the internet must make many critical decisions, 
is such as which communication medium to use, which internet service providerto subscribe to, how to secure the network 
interface and which network services to utilize. 

[0003] Likewise business managers in charge of local or wide area networks must also address questions related 
to the type and configuration of computer networks which are to be connected to the internet, and other such external 
networks. Installing an external network connection typically requires an understanding of many different communica- 
tion protocols, network services, connection media and computer network practices. 

[0004] This complexity is further increased by the increasing numbers of types of network elements, functionalities, 
protocols and services etc. 

[0005] From US-A-6,230,1 94 a system for upgrading the software contents of a network interface device connecting 
a client computer system to an external network is known. The network interface device is configured for the client 
system by automated procedures and protocols initiated from a remote server. Software programs within the network 
interface device provide transparent communication between the client computer system and services available on 
the external network. Similar software programs and a configuration database within the network interface device 
provide transparent communication between the client computer system and the remote server. 
[0006] From US-A-623 7031 a system for dynamically controlling a network proxy is known. Network proxies are 
configured to have free access to both internal LAN resources and external resources, and can safely pass data back 
and forth across a firewall. Users may then be given save, though indirect, access to web resources by configuring 
the user's web browser to reference the network proxy instead of external target servers. When the web browser is 
used to retrieve information from outside the firewall it sends a request to the network proxy, which then completes the 
request and returns the result to the requestor. 

[0007] From US-A-6222 843 a method for providing services in a telecommunication network is known. The method 
relies on an open services architecture incorporating an adaptive grooming router providing an interconnected back- 
bone network function for connectivity between a plurality of multimedia access routers and a narrow band network, 
wherein the multimedia access routers provide each a hub point. 

[0008] US-A-6 229 81 0 shows a network server platform for a local loop network service architecture. The network 
service platform aims to address the problem that DSL modem technology is not standardised. In order to ensure 
compatibility the type of DSL modem provided by a local telephone company must also be provided to the end user 
in the customer premises equipment. Additionally, since the network is not completely controlled by the inter-exchange 
companies, it is difficult for the inter-exchange companies to provide data at committed delivery rates. 
[0009] Therefore it is a common problem of the prior art to manage the configuration of network elements for the 
purposes of deploying services over a communication network both from the perspective of the end user and for the 
service provider. 

Summary of the invention 



[0010] It is therefore an object of the present invention to provide an improved method for deploying a service and 
for configuring a network element in a communication network as well as a corresponding computer system and com- 
puter program product. 

[001 1] These objects are achieved by applying the respective features of the independent claims. 
[0012] Preferred embodiments of th invention ar given in th dep ndent claims. 
55 [0013] The invention allows to select and activate a service in a us r-friendly and efficient way. In particular, the 
usage of deployment templates makes it possible to automatically configure the network I ments required for providing 
a requ sted service both within th network itself and within the customer premises domain. The deployment can be 
user-initiated, fully automated and prop rry accounted for while corresponding deployment policies of the network 
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operator and / or service provider are observed. 

[001 4] This has the advantage, that the deployment of a service and the corresponding changes of the configurations 
of network elements does not require manual intervention of an operator such as running scripts on the individual 
network elements involved. 

5 [0015] As a further advantage the invention allows to bundle services into one offer. When the bundle of services is 
selected by a user the whole bundle is automatically deployed. This is even made possible by the present invention 
within a heterogeneous installed base of network elements. 

[0016] Further the invention is advantageous in that it allows to configure network elements by means of a network 
element proxy. When a network element controller receives a request for configuring a network element this request 
10 is translated by the network element proxy into a lower-level format, for example a lower-level handle, methods and 
parameters which can be interpreted by the network element to be configured. The network element proxy can be a 
part of the network element controller, a separate entity or it can be on the network element itself. A network element 
proxy can deal with one or multiple network elements. 

[0017] Configuring a network element through the intermediary of a network element proxy has the advantage that 
*5 access- and service-providers can allow their end customers to configure their costumer premises gateway without a 
risk for stability, manageability and with respect to security. 

[0018] In particular this allows to effect a configuration change upon service selection in compliance with network 
and / or service providers policies. Further this offers the possibility of book keeping of the configuration of the network 
elements in the network element proxy. 
20 [0019] The flexible architecture devised by the invention allows application to an existing installed base of network 
elements. As a further advantage the invention allows to account for the services provided to end users on a finer level 
of granularity. 

[0020] In the following a preferred embodiment of the invention will be explained in greater detail with respect to th 
drawings in which 

25 

Fig. 1 is a block diagram of a first embodiment of a computer system in accordance with the invention, 

Fig. 2 is a flowchart illustrative of an embodiment of a method for deploying a service in a communication network 

of the invention, 

Fig. 3 is a block diagram of a second embodiment of a computer system in accordance with the invention, 

Fig. 4 a-c show three different approaches for a protocol interceptor as it can be used for the embodiments of Fig. 
1 , 2 or 3, 

Fig. 5 is illustrative of an embodiment of a method for configuring a network element in accordance with the 

invention, 

Fig. 6 is a block diagram illustrative of the configuration of a network element through the intermediary of a 

40 network element proxy, 

Fig. 7 is a flowchart illustrative of the usage of policy decision and policy enforcement points for the automatic 

configuration of a network element through a network element proxy. 

Fig. 8 is illustrative of a policed change to a service policy and / or configuration at a customer premises gateway, 

Fig. 9 is illustrative of the configuration of the system of Fig. 8 after the change has been effected, 

Fig. 10 is illustrative of a policed change, where the network element proxy resides on the network element con- 

50 troller, 

Fig. 1 1 is illustrative of an embodiment where the network element proxy is residing on the network element itself, 

Fig. 12 is a further embodiment where the network element proxy is realized as a separate entity. 



30 



35 



55 



[0021] Fig. 1 shows a distributed computer system containing client computer systems 1 and 2 which are on the 
same or on different premises. The client computers 1 and 2 are connected to a communication network 3. The com- 
munication network 3 can encompass a customer premises network and / or an external network, such as the int met. 
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[0022] The communication network 3 has a variety of network elements such as network element 4. Examples for 
network elements Include an ADSL (asymmetric digital subscriber line) modem, a digital subscriber line equipment 
(DSLAM) of an access provider and broadband access servers (BRAS). 

[0023] The client computers 1 and 2 can connect to a portal 5 which is realized on a web-site. The portal 5 can trigger 
5 a service deployment engine (SDE) 6. Alternatively the service deployment engine 6 can be invoked by a protocol 
interceptor. The function of the protocol interceptor is to intercept protocol messages exchanged between two network 
elements and to reroute these protocol messages. In this way triggers from the network can be intercepted and can 
be used to trigger the service deployment engine 6. 

[0024] The service deployment engine 6 is coupled to databases 7 S 8 and 9. 
10 [0025] The database 7 contains deployment templates for deployment of a variety of services on a variety of network 
elements. Each of the templates of the database 7 contains handles, methods and/or parameters for a specific con- 
figuration and/or activation of a service. 

[0026] The database 8 is a database containing service deployment policies for a variety of services. 
[0027] Preferably the policies are stored in the form of a policy information model which defines policy objects that 
'5 enable application developers, network administrators and policy administrators to represent policies of different types. 
[0028] Each policy rule can consist of a set of conditions and a set of actions. Policy rules may be aggregated into 
policy groups. These groups can be nested to represent a hierarchy of policies. 

[0029] If the set of conditions associated with a policy rule evaluates to TRUE, then a set of actions that either 
maintain the current state of the object or transition the object to a new state may be executed. 
20 [0030] For the set of actions associated with a policy rule, it is possible to specify an order of execution, as well as 
an indication of whether the order is required or merely recommended. It is also possible to indicate that the order in 
which the actions are executed does not matter. 

[0031] Policy rules themselves can be prioritised. One common reason for doing this is to express an overall policy 
that has a general case with a few exceptions. 
25 [0032] For example a general quality of service policy rule might specify that traffic originating from members of the 
engineering group is to get "Bronzeservice , \ A second police rule might express an exception: traffic origination from 
John, a specific member of the engineering group, is to get "Goldservice". Since traffic originating from John satisfies 
the conditions of both policy rules, and since the actions associated with the rules are incompatible, a priority needs 
to be established. 

30 [0033] Further examples for policy groups and rules, such as motivational policies, configuration policies, installation 
policies, error and event policies, usage policies, and services policies are given in RFC3060, policy core information 
model, version 1 . specification, network working group of the IETF policy framework WG (http://www.faqs.org/rfc s/ 
rfc3060.html). 

[0034] The database 9 contains information descriptive of the configuration of the network elements. 
35 [0035] Further the services deployment engine 6 is connected to a network element controller 1 0. 

[0036] In operation the service deployment engine 6 is triggered when a user of one of the client computers 1 or 2 
makes a selection in the portal 5. For example the user may select a service or a service-category (silver / gold / bronze) 
on the portal 5. Alternatively, the service deployment engine 5 can be triggered by a protocol interceptor (PI) that 
captures a request — such as a request for a point to point protocol (PPP) set-up, a radius message or a DNS request. 
40 The protocol interceptor is not necessarily related to the portal 5. 

[0037] After it has been triggered the SDE 6 retrieves the appropriate deployment template (s) from the database 7. 
The retrieved template (s) identify the involved network elements for configuring the requested service. 
[0038] The SDE consults the database 8 in order to obtain the service deployment policies of the operator or service- 
provider Subsequently, the SDE 6 determines the current configuration of the network elements involved in the re- 
quested service. In the example considered here this is done by accessing the network element configuration database 
9 in which the configurations of the network element are stored. 

[0039] Alternatively this information can be obtained by the SDE 6 by means of an active interrogation of the involved 
network elements. Based on the information obtained from the databases 8 and 9 or by the information obtained by 
interrogating the network elements, a deployment template is selected by the SDE 6. 

[0040] At this stage the SDE 6 has all elements which are necessary to deploy and / or activate the requested services 
for the user: the appropriate deployment template and the identity of the network elements which are involved. 
[0041] An example for such a user request is a request for deployment of a virtual private network switch (VPN) 
service. This services can be deployed in at least three ways: (i) putting corresponding functionality on the clients 
t rminal sid , (ii) putting functionality on the modem on the clients side or (iii) keeping all of the required functionality 
55 in the network. Hence, when a user of one of th client comput rs 1 or 2 issues a request for this servic . the database 
7 will return at least three different deployment templates, each one of the deployment templates corresponding to one 
of the above listed technically feasible possibilities. 

[0042] The SDE 6 queries the database 8 in order to determine the service deployment policy and database 9 to 



45 



50 



BNSDOCID: <EP 1265414A1_I_> 



EP 1 265 414A1 



10 



15 



20 



determine the configuration of the network elements involved. 

[0043] By way of the example it is assumed that the client's side has an advanced type of customer premises (CP) 
gateway that allows to deploy services on it. In this case all theoretically feasible deployment templates are still viable 
as the client's CP gateway technically allows to realize all options. In contrast a less advanced modem would have 
eliminated the possibility (ii). 

[0044] As more than one deployment template can be used for deployment of the service the retrieved operator 
service deployment policy is decisive for the selection of the service deployment template by the SDE 6. 
[0045] For example the service deployment policy of the operator might specify that putting software on the user 
terminal of the client's side (above option (i)) is to be avoided if possible. As a consequence the deployment templat 
corresponding to above possibility (ii) or (iii) is selected by the SDE 6 and the service is deployed correspondingly. 
[0046] This is done by configuring the involved network elements in accordance with the selected deployment tem- 
plate by the SDE 6. In the preferred embodiment considered here the SDE 6 interacts with the network element con- 
troller 1 0 to use the appropriate handles as specified in the selected deployment template for the network element to 
be configured, taking into account the existing configuration of the network elements. In this instance the network 
element controller 1 0 performs the actual configuration of the network element to be configured. This can be done with 
the help of network element proxies that translate the high-level handles to lower-level handles that are specific to the 
network element and / or the network element type involved. 

[0047] Fig. 2 shows a flowchart corresponding to the operation of the above described distributed computer system 
of Fig. 1 . 

[0048] In step 20 the user performs a selection in a portal to request a desired service. In step 22 this triggers the 
service deployment engine. 

[0049] Alternatively the service deployment engine can be triggered in step 22 by capturing the service request by 
means of a protocol interceptor in step 21 . 

[0050] In step 23 the SDE retrieves the deployment templates from a database. In step 24 it also retrieves the cor- 
responding service deployment policies of the operator and in step 25 the configuration of the involved network ele- 
ments from another database. The involved network elements are identified in the deployment template. Alternatively 
the involved network elements can be directly interrogated in step 25 in order to determine the current configuration. 
[0051] Based on the information obtained in step 24, 25 and 26 a deployment template is selected by the SDE in 
step 26. For example this selection can be performed by selecting a deployment template from the set of deployment 
templates which corresponds both to the retrieved service deployment policies and to the current properties and / or 
configuration of the involved network elements. For example a legacy network element might not support one or more 
of the available configuration option of the deployment templates. This restricts the number of deployment templates 
which can be selected by the SDE. Likewise the service deployment policies of the operator can impose restrictions 
on the SDEs selection of the appropriate deployment template. 

[0052] After the selection of the deployment template has been made in step 26 the deployment and / or activation 
of the service is effected under control of the SDE in step 27. 

[0053] Fig. 3 shows a more specific preferred embodiment of the computer system of Fig. 1 where like elements are 
denoted with the same referenced numerals. A user 11 connects to a portal 5 by means of a client computer 1 or a 
client computer 2 on its customer premises. The service deployment engine 6 in this instance is connected to a single 
database 12 incorporating the databases 7, 8 and 9 of Fig. 1 . 

[0054] The client computers 1 and 2 are connected to a customer premises gateway 13 (CP gateway). The CP 
gateway 13 is connected to DSLAM 14 which in turn is connected to BRAS 15. Each of the network elements 13, 14 
and 15 is associated with a corresponding network element controller— CP gateway controller 1 6, DSLAM controller 

1 7 and BRAS controller 1 8. These network element controllers 16,17 and 1 8 are coupled to SDE 6. 
[0055] Hence the configuration of CP gateway 13 is performed by SDE 6 through the intermediary of the correspond- 
ing network element controller which is CP gateway controller 16. Likewise DSLAM controller 1 7 and BRAS controller 

18 are utilized by SDE 6 for the configuration of DSLAM 14 and BRAS 15. 

[0056] In the following a preferred embodiment for the protocol interceptor is shown in greater detail with respect to 
the figures 4a-c. The function of the protocol interceptor is to intercept protocol messages exchanged between two 
network elements and reroute theses messages. In this way triggers from the network to the SDE 6 (cf . Fig. 1 , 3) can 
be intercepted and used in an application framework. Also messages going to another destination can be used to 
generate the trigger for the SDE 6. 

[0057] The protocol interceptor may further contain an algorithm to decide for each message how it has to be proc- 
essed. It contains further a control interface through which it can be flexibly adapted, (e.g. when a n w system is 
55 introduced in the network architecture which also desires to rec ive the messages). 

[0058] In the example of Fig. 4a the protocol interceptor PI is a separate device. Messages from a network element 
NE are sent to th protocol interceptor PI that duplicates the message and forwards one copy as a trigger to the 
application AP subscribed for this kind of triggers and one copy to the recipient DES as originally designated in the 
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messages. The destination DES can be another network element or a network management system or the like. 
[0059] This is the most flexible approach. It allow for network architectures wh reby the protocol interceptor function 
is shared by multiple network elements and multiple separate application platforms. Neither the network elements nor 
the application platform have to take into account the complexity of duplicating and modifying protocol messages. The 

5 only drawback is that an additional device has to be introduced in the network. 

[0060] Fig. 4b: The protocol interceptor PI function is integrated in the network element NE. This approach places 
the burden on the network element. Actually it shifts the problem entirely to the network element, while a basic idea of 
the present invention is to be able to deal with network elements that do not offer a sufficiently flexible protocol interface. 
Therefore the approach is the at least attractive of the three. Nevertheless, for sake of completeness we suggest it is 

10 covered. 

[0061] Fig. 4c: The protocol interceptor PI function integrated in the application platform AP. This can be considered 
as the software equivalent of the first approach as shown in figure 4a. Instead of running the protocol interceptor PI 
logic on a separate device in the network, it is incorporated as a software component in the application platform AP. 
Since the function of intercepting, rerouting, and modifying protocol messages was encountered in first the instance 
15 in the context of an application platform, it is quite logical to position the corresponding new functionality as a new 
component in this application platform AP In other words, this is probably the most attractive solution. It can be used 
to intercept protocol messages form different network elements, and forward them to the necessary legacy network 
components, while at the same time extracting the required information to enable value added services and applica- 
tions. 

20 [0062] Fig. 5 shows a block diagram of an alternative embodiment of the invention where like elements are designated 
by the same reference numbers as in the figures 1 and 3. 

[0063] The SDE 6 of Fig. 5 can connect to network element controller (NEC) 1 0 as in the embodiments of figures 1 
and 3. However user 1 1 can also directly trigger the configuration of a network element, such as its CP gateway, from 
the NEC 10. When the NEC 10 receives a request for configuration of a network element from SDE 6 or from user 11 

^5 the NEC 10 connects to the NEC proxy 19. The NEC proxy 19 contains a table 20 for mapping a generic handle 
received from the N EC 1 0 as part of the request for configuration of the network elements to a low-level handle, method 
and / or parameter which can be interpreted by the network element 4. Alternatively an even more flexible approach 
can be employed based on transformations of XML datastructures. Preferably there is one NEC proxy 1 9 for each type 
of network element 4 such that one NEC proxy 19 can handle a large number of network elements 4 of the same type. 

30 [0064] Preferably the so called triggers' and handles' concept is used in the system of Fig. 5: Triggers and handles 
are closely linked to network elements. Triggers and handles abstract pieces of information exchanged between service 
logic and network elements. 

[0065] A trigger is a notification containing pieces of data sent by a network element to the service logic upon oc- 
currence of a specific network event. Triggers are thus a way for network elements to provide information that can be 
35 used by service logic and that, somehow, participate in value added services visible to end-users. Examples of triggers 
are presence triggers used by service logic for billing, for advertisement, etc. 

[0066] A handle is a command sent by the service logic to a network element. These commands most of the time 
request the network element to execute some actions (configurations of Quality of Service (QoS)), set-up of connec- 
tions: update a router table, etc.) the network element is capable of among all its networking capabilities. Handles can 
*o as well contain useful information. Handles are thus a way to drive network resources for the benefit of a service 
platform. 

[0067] An application belonging to the service logic can be completely based on triggers and handles. For example, 
this application could wait indefinitely for triggers from a list of well known triggers. It sends out a specific handle when 
it receives a specific trigger. If the handle executes successfully, new triggers may be available to the application and 
4 5 so on. Triggers and handles can be provided by elements in existing network protocols from the moment they fit in the 
definition given above but they can also be provided independently of existing network protocols (especially when new 
triggers or handles are required but not already supported in existing protocols) and have a customised construct 
starting from information contained in or features of existing network protocols. 

[0068] This concept can be materialised as a standard, vendor independent interface between service platforms and 
50 network elements. This interface should provide as well the semantic of triggers and handles plus the syntax for a 
language whose purpose is the description of triggers and handles. The main requirement for this language is that it 
should allow easy definition of new triggers and handles. The main requirement for the triggers and handles semantic 
is that it can easily be interpreted by applications or network elements in order for them to identify unambiguously a 
trigger or handle. The newly defined interface is transported over either an existing or a new communication protocol 
55 (e.g. SIP). 

[0069] The advantages of triggers and handles are as follows: 

clear communication interface to control and manage various types of messages between network elements and 
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applications. 

Triggers and handles hide network-specific events, commands to the application and triggers and handles syntax 
allows to d scribe triggers and handles in a vendor indep ndent way. Hence the application does not have to be 
5 aware of the vendor-specific implementation aspects of the network element. 

[0070] Examples for triggers include presence triggers from BRAS, ADSL modems, radius accounting triggers from 
BRAS to SMC, user security violation trigger, user session time expiration trigger. 

[0071] Examples for handles include handles for service selection on BRAS via RAS protocols (e.g. request the 
10 BRAS to dial out to a user terminal, request the BRAS to switch to a different VPN at PPPoE level, request the BRAS 
to reconfigure its routing table to support simultaneous connectivity to two different VPN's etc); handles to an ADSL 
modem to set-up bridges (for PPPoE clients), PPP connections, NAT/ PAT entries, VP / VC, etc.; handles to a DSLAM 
to set-up dynamically VP/VC (SVC's) via a management interface (e.g. SNMP); handles to set-up PPP connections 
on the user terminal. 

is [0072] Fig. 6 shows a block diagram illustrating various options for implementation of network element proxies. The 
network element controller 1 0 itself can contain a network element proxy 20 which serves a single network element 21 . 
[0073] Alternatively the network element proxy can be realized as a separate entity — network element proxy 22 - 
which also has just one associated network element 23 or It can be implemented as a separate network element proxy 
24 for a plurality of network elements 25. 

20 [0074] As a further alternative the network element proxy can also form an integral part of the network element itself 
as it is the case with respect to network element 26 which is coupled to NEC 10. 

[0075] The configuration of one of the network elements 21 , 23, 25 or 26 through the intermediary of the correspond- 
ing network element proxy is triggered by a corresponding user request or a process received by the NEC 10. The 
process can be the transmission of a corresponding handle from the SDE 6 (cf. Fig. 1 , 3) to the NEC 1 0. It is important 
25 to note that the handles are not sent directly to the corresponding network elements but to the network proxy of th 
network element which is addressed by the handle. This network element proxy translates the generic handles to 
lower-level handles, methods and parameters of the NE involved. 

[0076] A network element controller typically handles network elements of one specific type such as CP gateways, 
DSLAM or BRAS. The NE proxies (or agents) translate the NE specific handles to the actual type of NE. The NEC 

30 deals with addressing and thus offers a "topological" view on the NEs involved. Each NE proxy handles NEs at a certain 
location, area or network segment and it translates the generic handles to NE specific actions. 
[0077] The policy framework as under definition in the IETF defines a policy enforcement point (PEP) that corporates 
with a policy decision point (PDP) to enforce policies on a service. In the embodiment of Fig. 7 the policies for config- 
uration of network elements are enforced by the NEC: 

35 [0078] In step 70 a user request is made for configuration. Alternatively the request can be made by a process or 
by a SDE (cf. Fig. 1 and 3). 

[0079] In step 71 the NEC receives a corresponding handle specifying the network elements to be configured and 
the kind of configuration and / or reconfiguration. 

[0080] In step 72 the NEC consults a policy decision point (PDP) forthe applicable policy. In step 73 the NEC becomes 
40 the policy enforcement point (PEP) forthe policy as determined in step 72. For example an SDE can act as a PDP. 
[0081] In step 74 the NEC approves the requested configuration change in its role as a PEP. In step 75 this change 
is effected through the intermediary of the appropriate NE proxy. 

[0082] After step 75 the requested service can be provided to the user. During the provision of the service the NE 
acts as a PEP in step 76 and the NEC acts as PDP in step 77. 
45 [0083] The above embodiment is advantageous in that it facilitates a seemless integration of user-initiated configu- 
ration changes of the invention with the IETF policy framework. 

[0084] Figures 8 and 9 show block diagrams of illustrative embodiments of the method of Fig. 7. Again like elements 
are denoted by the same reference numerals as in figures 1 and 3. 

[0085] In the system of Fig. 8 the CP gateway controller 16 takes the role of a PEP during the configuration phase 
50 of the CP gateway 1 3. Another entity, such as a SDE takes the role of a PDP. The configuration of the CP gateway 13 

is done by the CP gateway controller 16 through the intermediary of the CP gateway proxy 27. 

[0086] After the configuration of the CP gateway 13 the CP gateway 13 takes the role as a PEP whereas the CP 

gateway controller 16 takes the role of a PDP as it is illustrated in Fig. 9. o 

[0087] The following figures 1 0, 11 and 12 illustrate how the CP gateway proxy can be placed on different n twork 
55 ntities. The example of figures 10, 11 and 12 is not restricted to the application for the CP gateway proxy but shows 

the flexibility in distributing network elements proxy functionality which allows to leverage the installed base of network 

elements and to involve them in added value service sc narios. 

[0088] In the example of Fig. 10 the CP gateway proxy 27 forms an integral part of th CP gateway controller 16 
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whereas in the example of Fig. 1 1 the CP gateway proxy 27 is integrated within the CP gateway 1 3 itself. In the example 
of Fig. 12 the CP gateway proxy 27 is implement d on one of the user terminals of client computers 1 and / or 2. 
[0089] It is to be noted that a further potential field of application of the present invention is within the framework of 
the open services gateway initiative (OSGi) which is standardising the development of services on small embedded 
5 devices at the customer premises. 

List ofjefere nce n u merals 

[0090] 

10 

client computer 
client computer 
communication network 
network element 
is portal 

service deployment engine 
database 
database 
database 
20 network element controller 
user 

database 
CP gateway 
DSLAM 
25 BRAS 

CP gateway controller 
DSLAM controller 
BRAS controller 
NE proxy 
30 NE proxy 

network element 
NE proxy 
network element 
NE proxy 
35 network element 
network element 
CP gateway proxy 



40 Claims 

1 . A method for deploying a service in a communication network, the method comprising the steps of: 

invoking a service deployment engine by a request for the service, 

45 

retrieval of deployment templates by the service deployment engine, 

selection of a deployment template from the retrieved deployment templates by the service deployment engine, 
50 ' deploying the service by means of the selected deployment template. 

2. The method of claim 1 further comprising the steps of: 

retrieval of service deploym nt policies, 

55 

d termination of a current property of at least one network element involved in providing the service, 
whereby the s lection of the deployment template is performed based on the retrieved service deployment policies 
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15 



20 



25 



and the current property. 

3. The method of claim 2 the current property being the current configuration of the at least one network element. 

4. The method of anyone of claims 1 , 2 or 3, whereby the request for the services is triggered by a user's connection 
to a web-site. 

5. The method of anyone of the preceeding claims 1 to 4, whereby the request for the service is triggered by a protocol 
interceptor (PI). 

6. The method of claim 5 the protocol interceptor performing the steps of monitoring protocol messages send by a 
network element of the communication network for events of a predefined type and, upon occurrence of an event 
of this type, generating the trigger. 

7. The method of anyone of the preceeding claims 1 to 6 whereby each of the deployment templates contains con- 
figuration data for a specific type of network element. 

8. The method according to anyone of the preceeding claims 2 to 7, whereby the service deployment policies comprise 
policy information in the form of an object-oriented information model. 

9. The method of anyone of the preceeding claims 2 to 8, whereby the determination of the current property is per- 
formed by retrieving information descriptive of the property from a configuration data base or by interrogation of 
the network element itself. 

10. The method in accordance with anyone of the preceeding claims 2 to 9, whereby the selection of the deployment 
template is performed by identifying a deployment template within the retrieved set of deployment templates which 
matches the retrieved service deployment policies and the property of the at least one network element. 

11. The method of anyone of the preceeding claims 1 to 10, whereby the service deployment engine interacts with at 
30 least one network element controller for deployment of the service in accordance with the selected deployment 

template. 

12. The method of claim 1 1 , whereby a separate network element controller is used for each type of network element, 
such as a customer premises gateway controller, a digital subscriber line equipment controller, a broadband access 

35 server controller. 

13. A service deployment engine comprising 

- means (7) for retrieval of deployment templates in response to a request for a service in a communication 
4 <> network, 

means (8) for retrieval of service deployment policies, 

means (9) for determination of a current property of at least one network element involved in providing the 
45 service, 

means (6) for selection of a deployment template based on the service deployment policies and the determined 
property. 

so 14. The service deployment engine of claim 13, wherein the means for selecting of the deployment template are 
adapted to perform the selection such that the selected deployment template matches the deployment policies 
and a property of a configuration of the at least one network element. 

15. A computer system comprising a service deployment engine (6) in accordance with claim 13 or 14 and at least 
55 one network element controller (1 0) for effecting the deployment of the requested service. 

16. A method for configuring a network element having a network element type being comprised in a set of network 
element types, the method comprising the steps of: 
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providing for each network element type a network element proxy being located between network elements 
of the same type and a network element controller, 

sending a configuration command from the network element controller to the network element proxy of the 
5 network element to be configured, 

translating the configuration command into a lower level format for the configuration of the network element, 

- providing the lower level format of the configuration command to the network element 

10 

17. The method of claim 16 the step of translating comprising a step of accessing a database within the network 
element proxy for mapping the configuration command onto the lower level format, the lower level format preferably 
comprising a low-level handle, parameter and / or method. 

'5 1 8. The method of claim 1 6 or 1 7, whereby the network element proxy is provided as an integral part of a corresponding 
network element controller or as a separate entity interposed between the network element controller and its cor- 
responding network element or as an integral part of the network element itself. 

1 9. A method in accordance with claims 1 6, 1 7 or 1 8 further comprising the steps of 

20 

determining a deployment policy from a policy decision point, such as a service deployment engine, by the 
network element controller, 

assigning the role of a policy enforcement point to the network element controller, 

25 

approving the requested configuration by the network element controller, 

- assigning the role of a policy enforcement point to the network element and assigning the role of a policy 
decision point to the network element controller after the configuration of the network element has been ef- 

30 fected. 

20. A distributed computer system comprising means adapted for carrying out the steps of anyone of the proceeding 
claims 1 to 1 2 and / or 1 6 to 1 9. 

35 21. A computer program product stored on a computer usable medium, such as on a data file for transmission over 
the internet, comprising computer readable program means for causing a distributed computer system, such as a 
computer system comprising at least one network element, a web-site or protocol interceptor, a service deployment 
engine and at least one network element controller, to perform a method according to anyone of the proceeding 
claims 1 to 1 2 and / or 1 6 to 1 9 when the program is run on the distributed computer system. 
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